Exchange Token
Method is used to obtain user's permanent access token by exchanging it with the access code received during the user authentication.
Request
https://api.dapi.com/v2/auth/ExchangeToken
Request Example
{
"appSecret": "00bae841ad979345fca2e2585c000da7eac420504d189cf63315e7a6234d45c68dbd6fff749167292cd1475622805dce7a2b979db3c16e25a2897158ee63845b1043930ff603e19deb1d2d54ad9afc3d52df241d3c4e7286244a2f98a10212e38b2e9f8b0e3a7592702fa4358fb9103b93a26dd6bb92c2be0327ac054f14becc",
"accessCode": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImlhdCI6MTYxNjQyOTI0MCwiZXhwIjoxNjE2NDI5NTQwfQ.FVo8b-krSDNHjIormm_BZAUxUfr_4ZEAzp_xh9WuR0M",
"connectionID": "2c72a336a7c09fd905f9adf3dc5ff976d58eeb20"
}
Body Parameters
Parameter | Type | Description |
---|---|---|
appSecret REQUIRED | String | Private token generated at application creation. |
accessCode REQUIRED | String | Unique code for a user’s successful login to Connect. Returned in the response of UserLogin. |
connectionID REQUIRED | String | The connectionID from a user’s successful log in to Connect |
Response
Response Example
{
"success": true,
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImF1dGhvcml6YXRpb25zIjp7ImF1dGhlbnRpY2F0aW9uIjp7ImNyZWF0ZSI6dHJ1ZX0sImlkZW50aXR5Ijp7ImdldCI6ZmFsc2V9LCJhY2NvdW50cyI6eyJnZXQiOmZhbHNlfSwiYmFsYW5jZSI6eyJnZXQiOmZhbHNlfSwidHJhbnNhY3Rpb25zIjp7ImdldCI6ZmFsc2V9LCJiZW5lZmljaWFyaWVzIjp7ImdldCI6ZmFsc2UsImNyZWF0ZSI6ZmFsc2V9LCJ0cmFuc2ZlciI6eyJjcmVhdGUiOmZhbHNlfSwiY2FyZHMiOnsiZ2V0IjpmYWxzZX0sInN0YXRlbWVudHMiOnsiZ2V0IjpmYWxzZX0sInByb2R1Y3RzIjpbImRhdGEiLCJwYXltZW50Il19LCJpYXQiOjE2MTY0MjkzMTZ9.MIicjZXD8ojOqInzKqeyzmfCkQaxl7K6NU7Q5UPt47Y",
"status":"done"
}
Response Parameters
success | Boolean | Returns true if request is successful and false for all else. |
accessToken | String | A unique permanent token linked to one user. Is only returned if the request was successful |
status | Enum | Status of the operationdone - Operation Completed failed - Operation Failed user_input_required - Pending User Input initialized - Operation In Progress*For further explanation see Operation Statuses |
type | Enum | Type of error encountered Is only returned if the request was not successful |
msg | String | Detailed description of the error Is only returned if the request was not |
Examples
Successful
{
"appSecret": "00bae841ad979345fca2e2585c000da7eac420504d189cf63315e7a6234d45c68dbd6fff749167292cd1475622805dce7a2b979db3c16e25a2897158ee63845b1043930ff603e19deb1d2d54ad9afc3d52df241d3c4e7286244a2f98a10212e38b2e9f8b0e3a7592702fa4358fb9103b93a26dd6bb92c2be0327ac054f14becc",
"accessCode": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImlhdCI6MTYxNjQyOTI0MCwiZXhwIjoxNjE2NDI5NTQwfQ.FVo8b-krSDNHjIormm_BZAUxUfr_4ZEAzp_xh9WuR0M",
"connectionID": "2c72a336a7c09fd905f9adf3dc5ff976d58eeb20"
}
{
"success": true,
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImF1dGhvcml6YXRpb25zIjp7ImF1dGhlbnRpY2F0aW9uIjp7ImNyZWF0ZSI6dHJ1ZX0sImlkZW50aXR5Ijp7ImdldCI6ZmFsc2V9LCJhY2NvdW50cyI6eyJnZXQiOmZhbHNlfSwiYmFsYW5jZSI6eyJnZXQiOmZhbHNlfSwidHJhbnNhY3Rpb25zIjp7ImdldCI6ZmFsc2V9LCJiZW5lZmljaWFyaWVzIjp7ImdldCI6ZmFsc2UsImNyZWF0ZSI6ZmFsc2V9LCJ0cmFuc2ZlciI6eyJjcmVhdGUiOmZhbHNlfSwiY2FyZHMiOnsiZ2V0IjpmYWxzZX0sInN0YXRlbWVudHMiOnsiZ2V0IjpmYWxzZX0sInByb2R1Y3RzIjpbImRhdGEiLCJwYXltZW50Il19LCJpYXQiOjE2MTY0MjkzMTZ9.MIicjZXD8ojOqInzKqeyzmfCkQaxl7K6NU7Q5UPt47Y",
"status":"done"
}
Failed - Missing Mandatory Parameters
{
"appSecret": "00bae841ad979345fca2e2585c000da7eac420504d189cf63315e7a6234d45c68dbd6fff749167292cd1475622805dce7a2b979db3c16e25a2897158ee63845b1043930ff603e19deb1d2d54ad9afc3d52df241d3c4e7286244a2f98a10212e38b2e9f8b0e3a7592702fa4358fb9103b93a26dd6bb92c2be0327ac054f14becc",
"accessCode": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImlhdCI6MTYxNjQyOTI0MCwiZXhwIjoxNjE2NDI5NTQwfQ.FVo8b-krSDNHjIormm_BZAUxUfr_4ZEAzp_xh9WuR0M"
}
{
"success": false,
"status": "failed",
"msg": "Validation error on field 'connectionID'. Error: value must not be an empty string",
"type": "INVALID_ARGS"
}
Failed - Invalid AccessCode
{
"appSecret": "00bae841ad979345fca2e2585c000da7eac420504d189cf63315e7a6234d45c68dbd6fff749167292cd1475622805dce7a2b979db3c16e25a2897158ee63845b1043930ff603e19deb1d2d54ad9afc3d52df241d3c4e7286244a2f98a10212e38b2e9f8b0e3a7592702fa4358fb9103b93a26dd6bb92c2be0327ac054f14becc",
"accessCode": "Invalid_access_code",
"connectionID": "2c72a336a7c09fd905f9adf3dc5ff976d58eeb20"
}
{
"msg": "Invalid token",
"type": "INVALID_TOKEN",
"success": false,
"status": "failed"
}
FAQ
What is the difference between accessCode
and accessToken
?
accessCode
is a temporary token generated upon successful authentication via the Connect Layer.
accessToken
is a permanent token that is generated upon sending theaccessCode
along other secrets to Dapi using theexchangeToken
request.
How permanent is the accessToken
?
One
accessToken
corresponds to one pair of login credentials into one bank account. The only way theaccessToken
loses its validity is if the user changes their login credentials or if the De-Link User API is called.
Why do I need an accessToken
?
accessToken
is required to make any following API calls to Dapi to retrieve data or initiate payments.
Updated about 1 year ago
Now that you obtained the token, you can read more about how to initiate a transaction, retrieve users financial information or make the token invalid